  1. #1
    ful56_uk's Avatar

    Tmg setup

    Hi

    I have been trying to set up an edge firewall using TMG. When I try to publish a site the TMG box can resolve the DNS name. The TMG box can ping internal servers.

    What haven't I done?

    Thanks

    mark

  2. #2

    SYNACK's Avatar
    Assuming you mean that it can't resolve internal servers, I would be looking at the DNS settings for the firewall's NICs: is it set to the internal DNS server? If your internal DNS is set up correctly with the external DNS servers set as forwarders then the internal DNS will do both internal and external.

  3. Thanks to SYNACK from:

    ful56_uk (19th February 2010)

  4. #3
    ful56_uk's Avatar
    I checked my LAN card and that has the DNS setting of my internal DNS servers. TMG is a member of the domain as well. On the LAN card I have no DNS settings set.

  5. #4

    EduTech's Avatar
    On your internal NIC, have you made sure that you have an IP address / subnet mask / DNS servers?

    Have you tried performing an nslookup from the TMG server? And do you have a rule to allow traffic from all traffic internally?

    James.

  6. Thanks to EduTech from:

    ful56_uk (19th February 2010)

  7. #5
    bio
    Originally posted by ful56_uk:
    "TMG is a member of the domain as well."

    I would never do this. The edge FW should never be a member of the domain. I would recommend a back-to-back TMG solution. The internal server should be a member of the domain.

    regards
    bio..

  8. Thanks to bio from:

    ful56_uk (19th February 2010)

  9. #6

    FN-GM's Avatar
    Just to check something

    Your internal NIC has no default gateway set? And your external does?

    Does your web server's default gateway point to your TMG server?

    If it isn't, set it up to that and it should be OK.

    "I would never do this. The edge FW should never be a member of the domain. I would recommend a back-to-back TMG solution. The internal server should be a member of the domain."

    I agree with this. Also your web servers ideally shouldn't be in the same network as your clients.

  10. Thanks to FN-GM from:

    ful56_uk (19th February 2010)

  11. #7
    ful56_uk's Avatar
    Do I have to set up a network for internal to external as NAT or route, as my OWA rule keeps being denied? I can ping the local mail server. I also can't access the net on the TMG server; I can ping the gateway. I have made sure my LAN has the DNS and no GW and my WAN has no DNS and a GW set.

  12. #8

    FN-GM's Avatar
    On your external you will need a DG and DNS.

  13. Thanks to FN-GM from:

    ful56_uk (19th February 2010)

  14. #9
    ful56_uk's Avatar
    Originally posted by FN-GM:
    "On your external you will need a DG and DNS."

    As well as the LAN connection? No DG gateway on the LAN?
    Last edited by ful56_uk; 19th February 2010 at 07:40 PM.

  15. #10

    SYNACK's Avatar
    Originally posted by ful56_uk:
    "As well as the LAN connection? No DG gateway on the LAN?"

    No DG on the LAN interface, otherwise it will get confused. Add DNS though.
    Last edited by SYNACK; 19th February 2010 at 08:30 PM.

  16. #11

    EduTech's Avatar
    As SYNACK said, the internal NIC only needs to have IP, subnet mask and your DNS servers. The gateway is left blank and your clients would use the TMG server as their gateway, so your clients/servers would have a gateway of your internal NIC IP address.

    On your external NIC you would put in IP, Subnet, Gateway and LEA DNS Servers.

    If you use an UpStream Proxy, You would create a Web Chaining Rule to forward all requests to an upstream proxy.

    ----

    Make sure when you configure TMG, you had the internal NIC as your Internal Network.

    ----

    Create your rules accordingly. Normally they would be set up with the server info obviously... Forward Host Header the majority of the time and also requests appear to be coming from the client rather than the TMG server.

    ----

    That's roughly how ours is configured anyway: published services are SharePoint, OWA and Talmos via HTTPS listener with wildcard SSL / NTLM Forms Based Authentication, and Website, 6th Form Website published via HTTP listener with no auth.

    James.
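
Added example, not part of any poster's reply: a read-only PowerShell check of the NIC layout SYNACK, FN-GM and EduTech describe above (no default gateway on the internal NIC, DNS servers on the internal NIC, a single default gateway on the box), plus a name-resolution test from the firewall itself. `$InternalIP` and `$TestName` are constructed placeholder values; it uses WMI so it runs on PowerShell 2.0.

```powershell
# Added example (not from the thread): audit a two-NIC TMG server against the
# layout the posters describe. Read-only; makes no configuration changes.
param(
    [string]$InternalIP = '10.0.0.1',            # constructed: TMG's LAN-side address
    [string]$TestName   = 'mail.example.local'   # constructed: an internal host name
)

$findings = @()
$nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')

$internal = @($nics | Where-Object { $_.IPAddress -contains $InternalIP })
$withGw   = @($nics | Where-Object { $null -ne $_.DefaultIPGateway })

if ($internal.Count -ne 1) {
    $findings += "FAIL: expected one NIC holding $InternalIP, found $($internal.Count)"
} else {
    $lan = $internal[0]
    if ($null -ne $lan.DefaultIPGateway) {
        $findings += "FAIL: internal NIC '$($lan.Description)' has a default gateway"
    }
    if ($null -eq $lan.DNSServerSearchOrder) {
        $findings += "FAIL: internal NIC '$($lan.Description)' has no DNS servers"
    }
}

# Only the external NIC should carry a default gateway.
if ($withGw.Count -ne 1) {
    $findings += "FAIL: $($withGw.Count) NICs have a default gateway, expected exactly 1"
}

# Resolution test from the firewall itself. This uses the system resolver, so
# the hosts file and cache count too; nslookup queries the DNS server directly.
try {
    [void][System.Net.Dns]::GetHostAddresses($TestName)
} catch {
    $findings += "FAIL: cannot resolve $TestName from this server"
}

# Domain membership is reported, not failed: it is a design choice debated above.
if ((Get-WmiObject Win32_ComputerSystem).PartOfDomain) {
    $findings += 'NOTE: server is a domain member (bio and FN-GM advise against this on an edge firewall)'
}

if ($findings.Count -eq 0) { 'OK: NIC layout matches the advice in the thread' } else { $findings }
```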

  17. #12
    ful56_uk's Avatar
    Cheers thanks. So do I need to create a network rule for nat or route for external to internal?

  18. #13

    EduTech's Avatar
    Originally posted by ful56_uk:
    "Cheers thanks. So do I need to create a network rule for nat or route for external to internal?"

    You should not have to create a rule for that, but then again your network is going to be set up differently. What is it you're trying to do? Just publish a site?

    James.

  19. #14
    ful56_uk's Avatar
    Trying to publish OWA; logs say access denied. I have my web listener set up right and it is listening on the external network. In the log it says external host to local host is the denied error.

  20. #15

    EduTech's Avatar
    Originally posted by ful56_uk:
    "Trying to publish OWA; logs say access denied. I have my web listener set up right and it is listening on the external network. In the log it says external host to local host is the denied error."

    How have you set up the published rule?

    James.


